The branch stable/14 has been updated by rmacklem:

URL: https://cgit.FreeBSD.org/src/commit/?id=b84156e7f136792d3a34f5338635e5b41b256b4f

commit b84156e7f136792d3a34f5338635e5b41b256b4f
Author:     Rick Macklem <rmack...@freebsd.org>
AuthorDate: 2025-09-04 01:48:52 +0000
Commit:     Rick Macklem <rmack...@freebsd.org>
CommitDate: 2025-09-07 01:31:05 +0000

    nfsd: Fix the NFSv4 Readdir operation for an empty ZFS dir
    
    Commit 9a3edc8 modified the behaviour of ZFS's
    VOP_READDIR() such that it will reply EINVAL for
    an offset past EOF on the directory.
    
    This exposed a latent bug in the NFSv4 Readdir
    code, which would attempt a Readdir with an
    offset beyond EOF for a directory that consists
    of only "." and "..". This happened because NFSv4
    does not reply "." or ".." to the client and, after
    skipping over them, attempted another VOP_READDIR().
    
    This patch fixes the problem by checking the eofflag
    for the case where all entries have been skipped over.
    
    Reviewed by:    kib
    MFC after:      3 days
    Differential Revision:  https://reviews.freebsd.org/D52370
    
    (cherry picked from commit 1c52d525f06411726d7755081f904de64749eb9b)
---
 sys/fs/nfsserver/nfs_nfsdport.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sys/fs/nfsserver/nfs_nfsdport.c b/sys/fs/nfsserver/nfs_nfsdport.c
index c22d06ef0aeb..58107029c8c3 100644
--- a/sys/fs/nfsserver/nfs_nfsdport.c
+++ b/sys/fs/nfsserver/nfs_nfsdport.c
@@ -2496,6 +2496,7 @@ again:
         * rpc reply
         */
        if (siz == 0) {
+ateof:
                vput(vp);
                if (nd->nd_flag & ND_NFSV3)
                        nfsrv_postopattr(nd, getret, &at);
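
Review bot: The `ateof:` label at the top of the `if (siz == 0)` body is a jump target from outside that block, and nothing at the label says so. A goto into a conditional body is legal C but easy to break in a later edit, for example if someone adds a statement above `vput(vp)` that assumes siz is 0. Add a short comment at the label noting that it is also reached when every entry was skipped and eofflag is set, so siz need not be 0 on that path.
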
@@ -2537,6 +2538,8 @@ again:
                ncookies--;
        }
        if (cpos >= cend || ncookies == 0) {
+               if (eofflag != 0)
+                       goto ateof;
                siz = fullsiz;
                toff = off;
                goto again;
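
Review bot: The new `if (eofflag != 0)` check ahead of `siz = fullsiz;` carries no comment, and the reason for it (all returned entries were skipped over, so another VOP_READDIR() would start past EOF) lives only in the commit message. Put that reasoning in a comment above the check. It is also worth confirming that everything set up earlier in this pass is released on the `ateof` path, since the visible part of that block shows only `vput(vp)` and the NFSv3 post-op attribute call.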
